gitolite permissoins with branches and folders

Question

In gitolite I want the @developers to be able to push to any branch except for master.
I want user1 to be able to push to any branch (including master) except not a certain directory on master.

How would I do that?

@VonC helped my try a few things, but we came to the conclusion that we would have to create a custom VREF. — Drew LeSueur, Jun 05 '13 at 17:37

score 1 · Accepted Answer · edited May 23 '17 at 12:11

1

This should address both:

repo arepo
  RW          = @developer
  -  master$  = @developer

  RW                     = user1
  - master and VREF/NAME/adirectory = user1

The access rules and refex pages explain how /refs/head/master branch is denied for push for @developer.

The Virtual Refs 'NAME' allows you to deny push for a given directory or file.

The Drew Lesueur adds in the comments:

  - master VREF/NAME/adirectory = user1

It seems to not be doing an "and" condition but an "or" for us - master VREF/NAME/adirectory = user1
I ended up writing a custom VREF script for what I needed

I confirm that, in this case, only a custom VREF can match the OP's requirements, until gitolite 3.5 (and the introduction of 'and'): see sitaram (creator of gitolite)'s answer.

edited May 23 '17 at 12:11

Community

1
1

answered Jun 04 '13 at 18:54

VonC

1,262,500
529
4,410
5,250

Doesn't that restrict `user1` from creating a branch that includes `adirectory` ? – Drew LeSueur Jun 04 '13 at 19:03
@DrewLeSueur no: the VREF "`NAME`" is about restricting a push by the names of dirs and files changed. `adirectory`, here, is a parameter of that virtual ref, not a branch name. – VonC Jun 04 '13 at 19:18
Right. `adirectory` is a directory name. If `user1` creates a new branch, and that branch includes the directory `adirectory` then `user1` cannot push it. (This is what we are running in to) – Drew LeSueur Jun 04 '13 at 19:22
@DrewLeSueur that does sound like what you need, doesn't it? – VonC Jun 04 '13 at 19:28
I wanted user1's directory limitation to only apply to the master branch not other branches. (thank you for replying btw) – Drew LeSueur Jun 04 '13 at 19:36
@DrewLeSueur I have edited the answer to address your requirement: `- master VREF/NAME/adirectory = user1`. You can specify *several* refexes, which allows you to deny push based on a VREF *and* on (`master`) branch name. – VonC Jun 04 '13 at 20:11
I seems to not be doing an "and" condition but an "or" for us `- master VREF/NAME/adirectory = user1` I ended up writing a custom VREF script for what I needed – Drew LeSueur Jun 04 '13 at 22:40
@DrewLeSueur Right, I have included that caveat in the answer and emphasized the need for a custom VREF. – VonC Jun 05 '13 at 06:28

score 1 · Answer 2 · edited Jun 07 '13 at 18:57

As of v3.5, you can do this:

(1) add this line

'refex-expr',

somewhere inside the ENABLE hash in the .gitolite.rc file.

(2) use rules like this:

repo r1
    RW+ master                          =   user
    RW+                                 =   user
    RW+ VREF/NAME/Makefile              =   user
    -   master and VREF/NAME/Makefile   =   user

Documentation (including warnings!) is inside src/VREF/refex-expr. There are some other neat examples in there.

Please note that I do not follow SO/SE/etc.; IMO the gitolite mailing list is the correct place for questions about gitolite.

However, someone pointed this one out to me, and since it referenced a very recent feature I thought I'd chip in.

-- sitaram

gitolite permissoins with branches and folders

2 Answers2

Linked